Vandana Verma: why do we need psychologists in infosecurity?
Vandana Verma, an IBM security architect, believes in diversity in the infosecurity field. By diversity, she means including not only more women but also people of different races, ages, or educational backgrounds, as well as people with disabilities.
“Growing up, I didn’t know that cybersecurity was a career,” Vandana Verma once said. Now, she is an IBM security engineer, founder of InfosecGirls, the only woman on The OWASP Foundation Global Board, and a keynote speaker at various conferences.
“Diversity means people who are unique, who are different. So this means not only women. It can be minorities, people with disabilities, people from different backgrounds, people from different cultures,” Vandana Verma told CyberNews.
You need a vision for your future
“I have thought that I might not be able to do it, or I might not be able to achieve it. But it was nothing like that. You can achieve anything if you are determined to do it,” Vandana Verma said.
The biggest challenge for her was lack of self-confidence at that time. As she put it, 6-7 years ago, she was just a person going to the office. But since then, she has grown and matured.
If somebody helps, if someone can be there for us, we can do it. If you feel that there are some tasks that you can do, you have to tell people that you can do it. They will understand, and you will be able to achieve what you want.
“If you start now, probably within 6 months or within a year, you will see your gradual growth. I would say that my journey is not different from any other personal journey. What you envision for yourself is important, and where you want to be,” Vandana Verma said.
Of course, some cultural challenges might discourage women or any other group of people that might bring diversity into the field from actually entering cybersecurity or infosecurity in particular. But Vandana Verma doesn’t want to focus on that and talks about the importance of the community instead.
“If somebody helps, if someone can be there for us, we can do it. If you feel that there are some tasks that you can do, you have to tell people that you can do it. They will understand, and you will be able to achieve what you want,” she said.
The importance of the community
“6-7 years ago, my community journey began. When I started in the infosecurity field, that was just learning how networks work, how firewalls are configured, how to make environment security for an organization. But there was a bigger world out there that I didn’t know about, or I wasn’t exposed to. Throughout communities, I learned that there are so many wonderful people out there and that I have so much to learn from them,” she told CyberNews.
According to her, it’s very important not only to learn technical skills but also to share your knowledge with somebody. That way, it will grow multi-fold, she reckons.
“You get to know people and learn the latest things. And not just in the infosecurity community, but in any community. If you want to learn, the community is the way to go,” Vandana Verma said.
When she is giving her lectures and training, Vandana Verma focuses not on communities themselves, but on a specific technical angle, for example, Zero Trust, which is her research topic.
“I want to let people know that it is not just about only the communities themselves. You have to learn. That’s why communities are there,” she said.
Psychologists are welcome
Cybersecurity, according to Vandana Verma, is not only about network security or application security. It’s about different perspectives.
“This is about bringing diverse ideas and connecting the dots. And if we have people with different backgrounds, like a psychologist, he can connect the dots really well. They can understand what people are thinking about, and how they might react. Or a journalist. He talks to a lot of people. Sometimes, cyber journalists know about cybersecurity even more than a person working in this field,” she told CyberNews.
In conferences and training, she talks about diversity a lot. She talks about the necessity to bring more women, people of color, people with disabilities, people of different ages, and educational backgrounds into the field.
We need people who are unique, who are different. I preach for that, to be honest.
“We need people who are unique, who are different. (...) I preach for that, to be honest. Diversity could also mean bringing in more students. You need to start educating people at the roots, from the very beginning. If you educate students in colleges about cybersecurity, they will become cyber aware. It’s not just because they want to enter the field, or they should enter, but they should just know. Because the costs imposed by cybercrime are growing,” she said.
Cybersecurity should be for everybody - from kids to elderly people who sometimes become the prime target of cyberattacks.
She also strongly emphasizes that by bringing more diverse people into the cyber world, we shouldn’t bring down men who are dominating the field at the moment.
“A lot of my mentors were men. I would never want to eliminate anyone or to bring down anyone. There are some perspectives, opinions, but that’s going to change over time,” she said.
As my final question, I asked her to advise those who want to join cybersecurity.
“Never stop believing in yourself, and stay curious - it’s very important. And not just in this field but anywhere. If you feel that you might not be able to do it, just ask for help. (...) We have to conquer our fears, and we can achieve anything,” she said.
Also, she shared the important lesson she’s learned over the years: “I always wanted to be 10/10. But you don’t have to be 10/10 in every field. You can be, but you have to surround yourself with people who want you there. If you are going to try and do everything, you are going to burn out.”